File logback-CVE-2025-11226.patch of Package logback
--- logback-1.2.11/logback-core/src/main/java/ch/qos/logback/core/joran/conditional/IfAction.java 2025-10-03 08:07:31.612322275 +0200
+++ logback-1.2.11/logback-core/src/main/java/ch/qos/logback/core/joran/conditional/IfAction.java 2025-10-03 08:35:54.710217338 +0200
@@ -33,6 +33,9 @@
public static final String MISSING_JANINO_MSG = "Could not find Janino library on the class path. Skipping conditional processing.";
public static final String MISSING_JANINO_SEE = "See also " + CoreConstants.CODES_URL + "#ifJanino";
+ public static final String NEW_OPERATOR_DISALLOWED_MSG = "The 'condition' attribute may not contain the 'new' operator.";
+ public static final String NEW_OPERATOR_DISALLOWED_SEE = "See also " + CoreConstants.CODES_URL + "#conditionNew";
+
Stack<IfState> stack = new Stack<IfState>();
@Override
@@ -59,6 +62,14 @@
if (!OptionHelper.isEmpty(conditionAttribute)) {
conditionAttribute = OptionHelper.substVars(conditionAttribute, ic, context);
+
+ // do not allow 'new' operator
+ if(conditionAttribute.contains("new ")) {
+ addError(NEW_OPERATOR_DISALLOWED_MSG);
+ addError(NEW_OPERATOR_DISALLOWED_SEE);
+ return;
+ }
+
PropertyEvalScriptBuilder pesb = new PropertyEvalScriptBuilder(ic);
pesb.setContext(context);
try {
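Review bot: The guard `conditionAttribute.contains("new ")` is a literal substring test, so it recognises the keyword only when a space character follows it, although Java accepts any whitespace or a comment between `new` and the type name; it also rejects harmless conditions whose text merely contains those characters, such as a string literal ending in `renew `. A token-boundary match is the smallest improvement: `private static final Pattern NEW_KEYWORD = Pattern.compile("\\bnew\\b");` and `if (NEW_KEYWORD.matcher(conditionAttribute).find()) {`, which needs `java.util.regex.Pattern` imported. Even then this is a one-keyword denylist in front of an expression compiler, so the comment should describe it as defence in depth, with restricted write access to the logback configuration file remaining the primary control. Running the check after `OptionHelper.substVars` is right, since substituted property values are covered; the enclosing method starts and ends outside the hunk, so the effect of the early `return` on the `IfState` stack cannot be confirmed from here.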